Hacker Videos

👩‍🎓👨‍🎓 Learn about Large Language Model (LLM) attacks! This lab is vulnerable to indirect prompt injection. The user carlos frequently uses the live chat to ask about the Lightweight "l33t" Leather Jacket product. To solve the lab, we must delete the user carlos. If you're struggling with the concepts covered in this lab, please review

🧠 🔗 Portswigger challenge:

🧑💻 Sign up and start hacking right now -

👾 Join our Discord -

🎙️ This show is hosted by

( @_CryptoCat ) &

👕 Do you want some Intigriti Swag? Check out

Overview: 0:00 Intro 0:20 Insecure output handling 0:52 Indirect prompt injection 2:20 Lab: Indirect prompt injection 3:05 Explore site functionality 3:42 Probe LLM chatbot 4:29 Launch attacks via review feature 11:00 Conclusion

Check out Snyk's AI hacking workshop on July 25th. Register here to secure a spot: snyk.co/livehacktcm Sponsor a Video:

Pentests & Security Consulting:

Get Trained:

Get Certified:

Merch:

📱Social Media📱 ___________________________________________ Twitter:

Twitch:

Instagram:

LinkedIn:

TikTok:

Discord:

💸Donate💸 ___________________________________________ Like the channel? Please consider supporting me on Patreon:

Support the stream (one-time):

Hacker Books: Penetration Testing: A Hands-On Introduction to Hacking:

The Hacker Playbook 3:

Hacking: The Art of Exploitation:

The Web Application Hacker's Handbook:

Real-World Bug Hunting: A Field Guide to Web Hacking:

Social Engineering: The Science of Human Hacking:

Linux Basics for Hackers:

Python Crash Course, 2nd Edition:

Violent Python:

Black Hat Python:

My Build: lg 32gk850g-b 32" Gaming Monitor:

darkFlash Phantom Black ATX Mid-Tower Case:

EVGA 2080TI:

MSI Z390 MotherBoard:

Intel 9700K:

G.SKILL 32GB DDR4 RAM:

Razer Nommo Chroma Speakers:

Razer BlackWidow Chroma Keyboard:

CORSAIR Pro RBG Gaming Mouse:

Sennheiser RS 175 RF Wireless Headphones:

My Recording Equipment: Panasonic G85 4K Camera:

Logitech C922x Pro Webcam:

Aston Origin Microphone:

Rode VideoMicro:

Mackie PROFX8V2 Mixer:

Elgato Cam Link 4K:

Elgate Stream Deck:

*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.

|| Jump into Pay What You Can training at whatever cost makes sense for you!

Learn Cybersecurity - Name Your Price Training with John Hammond:

Learn Coding:

WATCH MORE: Dark Web & Cybercrime Investigations:

Malware & Hacker Tradecraft:

📧JOIN MY NEWSLETTER ➡

🙏SUPPORT THE CHANNEL ➡

🤝 SPONSOR THE CHANNEL ➡

🌎FOLLOW ME EVERYWHERE ➡

↔

↔

↔

↔

💥 SEND ME MALWARE ➡

🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!

Learn how to mount Linux disk images in Windows using the Windows Subsystem for Linux (WSL). We’ll tackle common issues and their fixes. ⌨️ Command used in the video: sudo mount -o ro,loop,offset=[OFFSET],noload [IMAGE] /mnt/[MOUNTPOINT] If you're mounting images containing Logical Volume Management (LVM) volumes, additional steps are required: ✅ Create a loop device from the disk image: sudo losetup -f -P testimage.dd Here, "-f" tells losetup to find the next available loop device, and "-P" forces the kernel to scan the partition table on the newly created loop device. ✅ Refresh LVM so that the new device appears: sudo pvscan --cache This command clears all existing physical volume online records first, then scans all devices on the system, adding physical volume online records for any physical volumes that are found. ✅ Activate the new volume group and logical volumes: sudo vgchange -ay This command activates all inactive logical volumes in the volume group. "ay" stands for "activate yes." ✅ Locate the new volume group: sudo vgdisplay ✅ Mount the volume group: sudo mount /dev/mapper/[VOLUME_GROUP]--[LOGICAL_VOLUME] /mnt/image Note: Replace [VOLUME_GROUP]--[LOGICAL_VOLUME] with the actual paths derived from the sudo vgdisplay command. 📃 Please reference this article for more information:

*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. *** 📖 Chapters 00:00 - Intro 05:09 - The Solution #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #LinuxForensics

Big shoutout to KASM for sponsoring this video. KASM workspaces supports the OSINT Community Efforts by providing the following products: Kasm Community Edition:

Kasm Cloud OSINT:

Kasm Workspaces OSINT Platform for Professionals/:

Kasm Infrastructure/Apps for OSINT Collection:

// MJ Banias’ SOCIALS // LinkedIn:

Cloak and Dagger Podcast (Spotify):

The Debrief:

Instagram:

X:

Website:

// Ritu Gill’ SOCIALS // LinkedIn:

OSINT Techniques website:

Instagram:

X:

YouTube:

Forensic OSINT website:

TikTok:

// Rae Baker’s SOCIALS // Website:

LinkedIn: linkedin.com/in/raebakerosint X:

// Eliot Higgins’ SOCIALS // Bellingcat website:

X:

// Books // The UFO People: A Curious Culture by MJ Banias: USA:

UK:

Deep Dive: Exploring the Real-world Value of Open Source Intelligence by Rae Baker and Micah Hoffman: USA:

UK:

We Are Bellingcat: Global Crime, Online Sleuths, and the Bold Future of News by Eliot Higgins: USA:

UK:

// YouTube video REFERENCE // Top 10 FREE OSINT tools (with demos):

Deep Dive OSINT:

Best Hacking Python Book:

She Hacked Me:

// David's SOCIAL // Discord:

X:

Instagram:

LinkedIn:

Facebook:

TikTok: http://tiktok.com/@davidbombal YouTube:

// MY STUFF //

// SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] // MENU // 00:00 - Coming up 00:41 - Sponsored Section: KASM Workspaces demo 06:26 - Intro 06:46 - MJ’s Journey in OSINT 11:14 - Starting an OSINT Company 11:55 - Teaching Background 12:34 - Years in OSINT 13:19 - Advice for People Starting Out 15:44 - What It Means to Do OSINT 16:54 - Recommended Tools for OSINT 19:03 - Meet Ritu Gil 19:09 - Characteristics of a Good OSINT Investigator 20:03 - Knowing When to Give Up 20:43 - Soft Skills vs Technical Skills 22:17 - Ritu’s Advice on How to Get Started 23:24 - Are There Jobs in OSINT? 24:39 - Forensic OSINT Demo 26:41 - Tinder Vulnerabilities 30:51 - Next Guest Intro 32:04 - Rae Baker 32:33 - Tools Rae Uses 34:11 - From Graphic Design to OSINT 37:56 - Volunteering to Learn 39:10 - Next Guest Intro 40:10 - Eliot Higgins 40:19 - Eliot’s Background into OSINT 41:44 - Bellingcat 44:27 - No Degree Needed to Start 45:37 - Useful Tools to Use 47:19 - Advice for People Starting Out 48:36 - Communities to Join 51:50 - Recommended Books 53:03 - How MJ Got the Job 55:53 - MJ Shares an OSINT Story 01:02:44 - Importance of a Team 01:08:15 - Conclusion 01:10:34 - Outro osint open-source intelligence open source intelligence tools osint curious geolocation geolocation game facebook instagram google bing yandex geolocation google geolocation bing you cannot hide social media warning about social media google dorks dorks google osintgram osint framework osint tools osint tv osint ukraine osint tutorial osint course osint instagram osint framework…

Sorry for the double upload. The last 45 seconds were missing from the first video. 00:00 - Introduction 01:00 - Start of nmap 02:45 - Playing with the Agent Chat, discovering we can send HTML then testing for XSS then seeing CSP (Content Security Policy) Stops us 06:20 - Testing for the ability to perform redirection via HTML via meta refresh 09:20 - Discovering the 404 error page has reflective XSS, but CSP Blocks us from running XSS on the page itself 10:15 - Finding one of the Analytics JavaScript Files allows for reflective injection, allowing us to insert javascript 13:00 - Having a Meta Redirect to the double reflective xss injection and stealing a cookie 22:10 - Logged into the SSO by replaying the cookie and testing password reset 29:00 - Getting a second session so we can test the file-sharing capability 37:10 - Creating a script that will enumerate users based upon the people directory, then test the welcome password 56:30 - Going over the internal nmap scan from the VPN 1:03:54 - Looking at the Mozilla directory, discovering there is a BitWarden plugin installed and the history indicates they may have a pin code set 1:11:00 - Extracting the Bitwarden PinProtected Hash so we can crack it 1:31:30 - Downloading all the Git Repo's and finding a secret in the commit history and discovering they JWT Signing Key 1:37:00 - Using GetEnt on the Linux workstation to enumerate groups in ldap 1:42:50 - Creating a JWT of the Engineering group, changing the password then logging into the workstation 1:45:30 - Downloading a Docker Image from our box, and copying it to the remote host so we can use Docker to Privesc 1:49:10 - As root we can SU to other users, then find an SSH Key for Sysadmin to the main host 1:55:55 - Proxmox backups on the mainhost have the authkey.key file which is the RSA Signing Key Proxmox uses for cookies 1:58:30 - Creating a proxmox cookie with the RSA Signing Key and then using the API to change the root password